Analysis
- max time kernel: 150s
- max time network: 152s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 11/04/2023, 09:14
- Static task: static1
- Behavioral task: behavioral1
  Sample: 84499558c48c4fdebac20cab68253aa7.exe
  Resource: win7-20230220-en
General
- Target: 84499558c48c4fdebac20cab68253aa7.exe
- Size: 228KB
- MD5: 84499558c48c4fdebac20cab68253aa7
- SHA1: d4518c621d32ebc483a8f0761cf6ed0fe3c7b8ce
- SHA256: ca958072c2483f5cfab83972b3e5a25a163eed2d0d6df7d310ddf200a6fec53c
- SHA512: 00ad7c29108eb787d0283bb6a6c2955ff3b4a64254d03767c1c21e8bf3a1e14149958c9de8f4fd2f6489972b4573b07abc18a3bc2e96cba5fe2d4852d204d65a
- SSDEEP: 3072:psLU9af5Y43YGpnzljr0E8aj8G9Ku+oukzuhWkiWBkOuRGK:GL2O3YGpnzlFBj59zukihIpjcK
Malware Config
Extracted
systembc
109.205.214.18:443
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1764  ccoppjj.exe
- Drops file in Windows directory (2 IoCs)
  description                   ioc                           Process
  File created                  C:\Windows\Tasks\ccoppjj.job  84499558c48c4fdebac20cab68253aa7.exe
  File opened for modification  C:\Windows\Tasks\ccoppjj.job  84499558c48c4fdebac20cab68253aa7.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid   Process
  1500  84499558c48c4fdebac20cab68253aa7.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process      procid_target
  PID 1440 wrote to memory of 1764  1440  taskeng.exe  28
  PID 1440 wrote to memory of 1764  1440  taskeng.exe  28
  PID 1440 wrote to memory of 1764  1440  taskeng.exe  28
  PID 1440 wrote to memory of 1764  1440  taskeng.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\84499558c48c4fdebac20cab68253aa7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\84499558c48c4fdebac20cab68253aa7.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID: 1500
- C:\Windows\system32\taskeng.exe
  Command line: taskeng.exe {45090914-468F-4883-A28D-A99DBB9B8C43} S-1-5-18:NT AUTHORITY\System:Service:
  - Suspicious use of WriteProcessMemory
  PID: 1440
  - C:\ProgramData\fbcrwn\ccoppjj.exe (child of taskeng.exe)
    Command line: C:\ProgramData\fbcrwn\ccoppjj.exe start
    - Executes dropped EXE
    PID: 1764
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize: 228KB
MD5: 84499558c48c4fdebac20cab68253aa7
SHA1: d4518c621d32ebc483a8f0761cf6ed0fe3c7b8ce
SHA256: ca958072c2483f5cfab83972b3e5a25a163eed2d0d6df7d310ddf200a6fec53c
SHA512: 00ad7c29108eb787d0283bb6a6c2955ff3b4a64254d03767c1c21e8bf3a1e14149958c9de8f4fd2f6489972b4573b07abc18a3bc2e96cba5fe2d4852d204d65a